If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

What can you do if an infected computer is targeting you?

In the last little while I have been receiving a several different emails for two different targets. These emails seem to be very suspicious because they are from people who I don't know, but have legitimate email addresses, and always contain strange attachments (either .scr, .exe, .html, etc.).

This is really starting to annoy me beacsue all of these emails are over 100k and are filling up my hotmail account. I know you can block a single email address with hotmail, but is it not the resposibility of the network admin to block obvious virus related attachments such as .scr and .exe? Am I completely helpless against these attacks or can you take further action to ensure that these types of email attachments are blocked at their source?

Also, I know that in some cases the email addresses are spoofed, and I have checked the headers and they are coming from this server. Can they be held accountable if someone is spoofing email on their server (I know its not easy to stop)?

Re: What can you do if an infected computer is targeting you?

This is really starting to annoy me beacsue all of these emails are over 100k and are filling up my hotmail account. I know you can block a single email address with hotmail, but is it not the resposibility of the network admin to block obvious virus related attachments such as .scr and .exe?

No.. its not the responsibility of the network admin to do anything if its in your personal Hotmail account.. if it was a business account, yes.. Hotmail isn't his problem..

Originally posted here by growland
Am I completely helpless against these attacks or can you take further action to ensure that these types of email attachments are blocked at their source?

Thanks for any info!

Make a few e-mail boxes and start blocking everyone .. only give out your addy when absolutely necessary.. otherwise than common sense, there's not much you can do with a Hotmail account.. I'm assuming someone's going to drop in a post with a anti-spam program but those are worthless and overpriced..

Re: Re: What can you do if an infected computer is targeting you?

No.. its not the responsibility of the network admin to do anything if its in your personal Hotmail account.. if it was a business account, yes.. Hotmail isn't his problem..

Sorry for the confusion, but I am getting them in my hotmail account, but the source of the emails is from a private network (both Canadian Universities). Or are you saying it is the responsibility of the receiving mail server to do the blocking and not the sending server?

Before you start saying that an email is from this place or that place, make sure you have access to the email's complete internet header. If you use Outlook, open the email, select View, Options, and you will see a box at the bottom of the dialog that contains the entire header. Copy and paste this information into a Notepad or new email window and examine it.

You may find that the information in the header doesn't necessarily match the information in the From: or ReplyTo: lines. The source IP of the mail will be in the header and you can use SamSpade (http://www.samspade.org/) to find the source domain with that IP.

You may be surprised to find that the mail is coming from half-way around the world and there really isn't much you will be able to do about it.

I don't know how the deal goes in Canada [though I live here, I'm not in Univ yet] but it's a common practice for hackers to obtain univ accounts for different purposes. Although it's much more probable it's spoofed... and being a hotmail account, I'm amazed you just started receiving this kind of 'virus-spam'.. there was a major 'flood' in the winter and again in the spring, at least the ones I've been subjected to... good thing hotmail isn't my most important e-mail account, nor am I accessing it through Outlook...

I agree with rapier57 here, this is what I do after it gets really annoying. You can usually spot the x-originating address which usually leads you to where it originated. I used to get a bunch of emails regarding fake diplomas for almost a year until I reported it. Within a week, it stopped and I haven't received any more since. It doesn't always work, as a few times the IP didn't show up in my email headers (i use hotmail too btw) but for the most part, you can see it. Here is the header of an email I sent from my Linux terminal:
-------------------------------------
MIME-Version: 1.0
Received: from linux.local ([xxx.xx.xx.xxx]) by mc8-f33.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Mon, 27 Oct 2003 21:39:19 -0800
Received: by linux.local (Postfix, from userid 500)id CB8E13F4E8; Mon, 27 Oct 2003 23:40:40 -0700 (MST)
X-Message-Info: JGTYoYF78jEtgzaPLUDTX0XCtOncEMlD
Message-ID: <3F9E0F68.mail4EK1ISQMJ@linux.local>
User-Agent: nail 10.3 11/29/02
Return-Path: dave@linux.local
X-OriginalArrivalTime: 28 Oct 2003 05:39:19.0925 (UTC) FILETIME=[D58E4250:01C39D15]
------------------------------------
I turned my IP into x's just b/c i'm a little paranoid, but basically thats what you look for. (the line 'Received: from linux.local ([xxx.xx.xx.xxx])' Then as rapier57 said, go to http://www.samspade.org/ and look it up. It should give you information on the network the IP belongs to. Then look for the 'abuse@xxxxx.xxx' in which you can email. Be nice, quick, brief (they don't have time to read your ranting and raving ) and include the full email header.

Of course blocking them all don't work, I know. They keep coming from new emails and you can only block so many addresses to begin with. I keep some of them in an 'evidence' folder if they aren't too big, just in case. I reported a number of times over the past 6 months and hardly ever get junk mail anymore. Maybe 2-3 messages a week? thats about it.

Also, sometimes you can tell it came from a persons computer. I have had this happen a few times. (like bob@aol.com for example with some common virus, and NO I'm not picking on AOL, its just the last one I had, but it wasn't bob...) and all I did was email the user explaining they probably were infected, and after a week of emailing back and forth, they finally got rid of it.

Hope I made sense, if I made any mistakes, please someone correct me. Its late and I'm barely thinking at all. If I didn't give u any info you were lookin for, please let me know!

Before anyone gets excited about the e-mail addy..............I have it because I do not give a rat's a$$ what happens to their server. If this is a problem to anyone, might I suggest that you relocate?